<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Security files | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-files.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-files.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-files.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-files.html" rel="nofollow" target="_blank">../en/security-files.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="configuring-security.html">Configuring security in Elasticsearch</a></span>
»
<span class="breadcrumb-node">Security files</span>
</div>
<div class="navheader">
<span class="prev">
<a href="separating-node-client-traffic.html">« Separating node-to-node and client traffic</a>
</span>
<span class="next">
<a href="fips-140-compliance.html">FIPS 140-2 »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-files"></a>Security files<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/reference/files.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>The Elasticsearch security features use the following files:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
<code class="literal">ES_PATH_CONF/roles.yml</code> defines the roles in use on the cluster. See
<a class="xref" href="defining-roles.html" title="Defining roles">Defining roles</a>.
</li>
<li class="listitem">
<code class="literal">ES_PATH_CONF/elasticsearch-users</code> defines the users and their hashed passwords for
the <code class="literal">file</code> realm. See <a class="xref" href="file-realm.html" title="File-based user authentication">File-based user authentication</a>.
</li>
<li class="listitem">
<code class="literal">ES_PATH_CONF/elasticsearch-users_roles</code> defines the user roles assignment for the
the <code class="literal">file</code> realm. See <a class="xref" href="file-realm.html" title="File-based user authentication">File-based user authentication</a>.
</li>
<li class="listitem">
<code class="literal">ES_PATH_CONF/role_mapping.yml</code> defines the role assignments for a
Distinguished Name (DN) to a role. This allows for LDAP and Active Directory
groups and users and PKI users to be mapped to roles. See
<a class="xref" href="mapping-roles.html" title="Mapping users and groups to roles">Mapping users and groups to roles</a>.
</li>
<li class="listitem">
<code class="literal">ES_PATH_CONF/log4j2.properties</code> contains audit information. See
<a class="xref" href="audit-log-output.html" title="Logfile audit output">Logfile audit output</a>.
</li>
</ul>
</div>
<div class="important admon">
<div class="icon"></div>
<div class="admon_content">
<a id="security-files-location"></a>
<p>Any files that the security features use must be stored in the Elasticsearch
            configuration directory. Elasticsearch runs with restricted permissions
            and is only permitted to read from the locations configured in the
            directory layout for enhanced security.</p>
</div>
</div>
<p>Several of these files are in the YAML format. When you edit these files, be
aware that YAML is indentation-level sensitive and indentation errors can lead
to configuration errors. Avoid the tab character to set indentation levels, or
use an editor that automatically expands tabs to spaces.</p>
<p>Be careful to properly escape YAML constructs such as <code class="literal">:</code> or leading exclamation
points within quoted strings. Using the <code class="literal">|</code> or <code class="literal">&gt;</code> characters to define block
literals instead of escaping the problematic characters can help avoid problems.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="separating-node-client-traffic.html">« Separating node-to-node and client traffic</a>
</span>
<span class="next">
<a href="fips-140-compliance.html">FIPS 140-2 »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>